Dev - Nexus Repo / NEXUS-13385

java.util.ConcurrentModificationException possible with Docker UploadManager during POST to blobs/uploads

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.1
    • Fix Version/s: 3.4.0
    • Component/s: Docker
    • Labels:
      None
    • Story Points:
      0.5

      Description

      A POST request to a Docker repository at endpoint /v2/*/blobs/uploads/ may result in a ConcurrentModificationException and 500 HTTP status code response.

      request.log:

       172.20.9.5 - user [12/Jun/2017:07:15:59 -0700] "POST /repository/docker-internal/v2/twistlock/blobs/uploads/ HTTP/1.1" 500 65 31 "docker/17.06.0-ce-rc2 go/go1.8.3 git-commit/402dd4a kernel/4.9.30-moby os/linux arch/amd64 UpstreamClient(Docker-Client/17.06.0-ce-rc2 (darwin))"
      

      nexus.log:

      2017-06-12 07:15:59,523-0700 WARN [qtp659463480-1838] user org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: POST /v2/twistlock/blobs/uploads/
      java.util.ConcurrentModificationException: null
      at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source) [na:1.8.0_102]
      at java.util.stream.AbstractPipeline.copyInto(Unknown Source) [na:1.8.0_102]
      at java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) [na:1.8.0_102]
      at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source) [na:1.8.0_102]
      at java.util.stream.AbstractPipeline.evaluate(Unknown Source) [na:1.8.0_102]
      at java.util.stream.ReferencePipeline.collect(Unknown Source) [na:1.8.0_102]
      at org.sonatype.nexus.repository.docker.internal.UploadManager.getUploadsByName(UploadManager.java:120) [na:na]
      at org.sonatype.nexus.repository.docker.internal.UploadManager.startUpload(UploadManager.java:63) [na:na]
      at org.sonatype.nexus.repository.docker.internal.DockerHostedFacetImpl.beginBlobUpload(DockerHostedFacetImpl.java:549) [na:na]
      at org.sonatype.nexus.repository.docker.internal.DockerHostedFacet$beginBlobUpload$1.call(Unknown Source) [na:na]
      at org.sonatype.nexus.repository.docker.internal.V2Handlers$_closure3.doCall(V2Handlers.groovy:100) [na:na]
      at sun.reflect.GeneratedMethodAccessor453.invoke(Unknown Source) [na:na]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [na:1.8.0_102]
      at java.lang.reflect.Method.invoke(Unknown Source) [na:1.8.0_102]
      at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) [na:na]
      at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) [na:na]
      at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294) [na:na]
      at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1024) [na:na]
      at groovy.lang.Closure.call(Closure.java:414) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConvertedClosure.invokeCustom(ConvertedClosure.java:54) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConversionHandler.invoke(ConversionHandler.java:124) [groovy-all:2.4.7]
      at com.sun.proxy.$Proxy132.handle(Unknown Source) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.security.SecurityHandler.handle(SecurityHandler.java:52) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context$proceed.call(Unknown Source) [!/:na]
      at org.sonatype.nexus.repository.docker.internal.V2Handlers$_closure18.doCall(V2Handlers.groovy:283) [na:na]
      at sun.reflect.GeneratedMethodAccessor445.invoke(Unknown Source) [na:na]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [na:1.8.0_102]
      at java.lang.reflect.Method.invoke(Unknown Source) [na:1.8.0_102]
      at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) [na:na]
      at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) [na:na]
      at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294) [na:na]
      at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1024) [na:na]
      at groovy.lang.Closure.call(Closure.java:414) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConvertedClosure.invokeCustom(ConvertedClosure.java:54) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConversionHandler.invoke(ConversionHandler.java:124) [groovy-all:2.4.7]
      at com.sun.proxy.$Proxy132.handle(Unknown Source) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context$proceed.call(Unknown Source) [!/:na]
      at org.sonatype.nexus.repository.docker.internal.V2Handlers$_closure1.doCall(V2Handlers.groovy:77) [com.sonatype.nexus.plugins.nexus-repository-docker:3.2.1.01]
      at sun.reflect.GeneratedMethodAccessor444.invoke(Unknown Source) [na:na]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [na:1.8.0_102]
      at java.lang.reflect.Method.invoke(Unknown Source) [na:1.8.0_102]
      at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) [na:na]
      at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) [na:na]
      at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294) [na:na]
      at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1024) [na:na]
      at groovy.lang.Closure.call(Closure.java:414) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConvertedClosure.invokeCustom(ConvertedClosure.java:54) [groovy-all:2.4.7]
      at org.codehaus.groovy.runtime.ConversionHandler.invoke(ConversionHandler.java:124) [groovy-all:2.4.7]
      at com.sun.proxy.$Proxy132.handle(Unknown Source) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:46) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Context.start(Context.java:114) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:63) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43) [org.sonatype.nexus.repository:3.2.1.01]
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:197) [org.sonatype.nexus.plugins.nexus-repository-httpbridge:3.2.1.01]
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:159) [org.sonatype.nexus.plugins.nexus-repository-httpbridge:3.2.1.01]
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServlet.java:116) [org.sonatype.nexus.plugins.nexus-repository-httpbridge:3.2.1.01]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api:3.1.0]
      at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286) [com.google.inject:4.1.0]
      at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276) [com.google.inject:4.1.0]
      at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181) [com.google.inject:4.1.0]
      at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71) [com.google.inject:4.1.0]
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [com.google.inject:4.1.0]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.3.2]
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.1.0]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.3.2]
      at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85) [org.sonatype.nexus.security:3.2.1.01]
      at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.3.2]
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.3.2]
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.3.2]
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.3.2]
      at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.3.2]
      at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101) [org.sonatype.nexus.security:3.2.1.01]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.3.2]
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.1.0]
      

      Diagnosis

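      The code fails to follow the fully advertised Collections.synchronizedList() contract, which requires the caller to synchronize manually on the returned list while traversing it (by Iterator, Spliterator or Stream). This leads to the potential for ConcurrentModificationException.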
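
The contract named in the diagnosis, shown as an added example that is not Nexus source code: a stream over a Collections.synchronizedList() wrapper is only safe while the caller holds the list's monitor. The class UploadRegistry, its methods and the "constructed-N" names are hypothetical and built for this illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.ConcurrentModificationException;
import java.util.List;
import java.util.stream.Collectors;

// Added illustration only: UploadRegistry and its methods are hypothetical, not Nexus code.
public class UploadRegistry {
  private final List<String> uploads = Collections.synchronizedList(new ArrayList<>());

  // Single calls such as add() are locked by the wrapper itself.
  public void start(String name) { uploads.add(name); }

  // Contract violation: traversal via stream() is not covered by the wrapper's lock.
  public List<String> byNameUnsafe(String name) {
    return uploads.stream().filter(name::equals).collect(Collectors.toList());
  }

  // Contract followed: hold the list's own monitor for the whole traversal.
  public List<String> byNameSafe(String name) {
    synchronized (uploads) {
      return uploads.stream().filter(name::equals).collect(Collectors.toList());
    }
  }

  // Reads by name while a second thread keeps adding; returns how many reads failed.
  static int failedReads(boolean safe) throws InterruptedException {
    UploadRegistry registry = new UploadRegistry();
    for (int i = 0; i < 10_000; i++) registry.start("constructed-" + (i % 10));
    Thread writer = new Thread(() -> {
      for (int i = 0; i < 100_000; i++) registry.start("constructed-" + (i % 10));
    });
    writer.start();
    int failures = 0;
    while (writer.isAlive()) {
      try {
        if (safe) registry.byNameSafe("constructed-1");
        else registry.byNameUnsafe("constructed-1");
      } catch (ConcurrentModificationException e) {
        failures++;  // the same exception type the nexus.log trace shows
      }
    }
    writer.join();
    return failures;
  }

  public static void main(String[] args) throws InterruptedException {
    System.out.println("failed reads, unsynchronized stream: " + failedReads(false));
    System.out.println("failed reads, synchronized stream:   " + failedReads(true));
  }
}
```

The unsynchronized count depends on thread timing and varies between runs; the synchronized variant cannot throw because writers block on the same monitor for the duration of the traversal.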

            People

            Assignee:
            jtom Joe Tom
            Reporter:
            krobinson Kelly Robinson
            Last Updated By:
            Peter Lynch
            Team:
            Nexus - Formats
            Votes:
            0
            Watchers:
            4
